Nest Denies Smart Thermostat Data Leak, Researchers At Fault

The Internet of Things has its pros and cons. The technology can make things immensely convenient, but as of late, concerns have been surrounding on how secure connected devices can actually protect our private information in open Web.
( David Berkowitz | Flickr )

Advertisement

The thing about what is popularly known as the Internet of Things is that in the future, everything will be connected - thermostats to our phones, our cars to streetlights - and there will be no hiding.

Where we live and whether we're home or not is just some of the data that can be collected about us from the things that are connected to the cloud. While quite convenient, there is a fine line between how much we can benefit from technology and when that trust begins to breakdown.

That may have happened when news broke out about Nest thermostats reportedly leaking data about a user's home. According to a report conducted at Princeton University and shared at the recent PrivacyCon conference held by the Federal Trade Commission, the Nest thermostat was transmitting data unencrypted.

In theory, unencrypted data being shared over a public internet could be sniffed out by online hackers to intercept private information. All they'd need to do was look in the right place and the information would be there in plain sight.

Initially, reports said that Nest's thermostats were sharing location information about a user's home and the nearest weather station close to them. A user's zip code was also supposedly being revealed.

"Investigating the traffic to and from these devices turned out to be much easier than expected, as many of the devices exchanged personal or private information with servers on the Internet in the clear, completely unencrypted," the report stated.

However, Nest replied that the researchers had made a mistake.

"The authors initially made an incorrect assumption.... In fact, the weather information is provided by an online weather service, and the geolocation coordinates are for their remote weather stations, not our customers' homes. The only user information that is contained in the requests is zip code," said a Nest spokesperson.

Nonetheless, Nest still leaked unencrypted information from a user's home out into the open. And, at worst, their thermostat's still revealed a user's zip code. What could have a worst case scenario looked like? Fortunately, it never came to that, but could it one day soon in the future?